Hide Source Code

[Bob]

I run a logon, password validation page on a local
intranet site. I use a Java script in the head field that
contains the passwords. Is there anything I can add that
won't allow the source to be viewed from a browser?

 

[Jack Brewster]

I run a logon, password validation page on a local
intranet site. I use a Java script in the head field that
contains the passwords. Is there anything I can add that
won't allow the source to be viewed from a browser?

Bob,

Nope. This is just about as insecure as posting a plain link to the
protected page.

Anything that is contained within your pages is viewable by your visitor.
There is no way to hide code (JavaScript, HTML, or otherwise) that is
downloaded to the visitor's computer. The only way to hide code is to not
send it out in the first place. If you are worried about securing pages on
your site, you need to look at using a server side scripting solution such
as PHP or ASP or creating accounts directly on your server. Talk to your
web host about what you are trying to achieve as they may already have a
solution you can make use of.

Good luck,

 

[MD WebsUnlimited.com]

Hi Bob,

Take a look at
http://www.websunlimited.com/order/Product/PagePro/pagepro.htm

 

[Stefan B Rusynko]

Or see http://support.microsoft.com/default.aspx?scid=301554

--



| Hi Bob,
|
| Take a look at
| http://www.websunlimited.com/order/Product/PagePro/pagepro.htm
|
| --
| Mike -- FrontPage MVP '97-'02
| J-Bots Plus 2002 End of Summer Sale You Save $20.00
| http://www.websunlimited.com
| FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
| ----------------------------------------------------------------------------
| --------------------
| If you think I'm doing a good job, let MS know at (e-mail address removed)
|
| | > I run a logon, password validation page on a local
| > intranet site. I use a Java script in the head field that
| > contains the passwords. Is there anything I can add that
| > won't allow the source to be viewed from a browser?
|
|

 

[Larry]

Another way to hide the passwords would be to place them and the password script in a js "include" file
with a suitably innocuous name [not 'passwords.js']. On the web 'view source' will just show the include
filename but the information could still possibly be seen in the browser cache if someone was stubborn
enuf to check.

Another idea is to encode the password characters as their character equivalents to make them harder to
detect'
i.e. the "@" symbol has the HTML Tag character counterpart of "@".
Also don't use the word 'password' anywhere on your site except in the login script.

Larry

Or see http://support.microsoft.com/default.aspx?scid=301554

--


| Hi Bob,
|
| Take a look at
| http://www.websunlimited.com/order/Product/PagePro/pagepro.htm
|
| --
| Mike -- FrontPage MVP '97-'02
| J-Bots Plus 2002 End of Summer Sale You Save $20.00
| http://www.websunlimited.com
| FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
| ----------------------------------------------------------------------------
| --------------------
| If you think I'm doing a good job, let MS know at (e-mail address removed)
|
| | > I run a logon, password validation page on a local
| > intranet site. I use a Java script in the head field that
| > contains the passwords. Is there anything I can add that
| > won't allow the source to be viewed from a browser?
|
|

--
For your security and peace of mind ALL emails are automatically scanned
with the latest Norton AV Virus Definitions. Not that I have any virus'
but why not be careful! I get virus signature updates regularly!

A Belt and Suspenders are the best security invented!